Kubernetes and Airgap

When distributing a Kubernetes (or Helm) application using Replicated Ship, there will be a running Kubernetes cluster to deploy to. Enterprise Kubernetes clusters that are used for internal applications can be installed and operated in airgapped environments. An airgap cluster is any cluster that doesn’t have outbound Internet access, and therefore cannot pull the application images from a Docker registry.

The recommended way to deploy applications to airgap clusters is to require a Docker registry that’s already running in the customer environment.

When requiring an existing Docker registry to use, the images will have to be retagged and pushed to the registry at install time. Replicated Ship supports this workflow from the workstation that’s performing the installation:

Require that the installer provide the registry name and namespace in the registry

Require that the workstation running the installation be logged in to the registry

Once these requirements are met, the Ship assets and scripts can:

Pull all public and private images using Docker

Retag the images to match the registry endpoint and namespace

Update the Kubernetes YAML to reflect the correct registry to pull from